ML071790006


Completion of Acceptance Review of Request to Modify the Main Stream and Feedwater Isolation System
Site: Wolf Creek (Wolf Creek Nuclear Operating Corporation)
Issue date: 08/08/2007
From: Donohew J, NRC/NRR/ADRO/DORL/LPLIV
To: Muench R, Wolf Creek
Donohew J N, NRR/DORL/LP4, 415-1307
References: TAC MD4839


Text

August 8, 2007

Mr. Rick A. Muench
President and Chief Executive Officer
Wolf Creek Nuclear Operating Corporation
Post Office Box 411
Burlington, KS 66839

SUBJECT: WOLF CREEK GENERATING STATION - COMPLETION OF ACCEPTANCE REVIEW OF REQUEST TO MODIFY THE MAIN STEAM AND FEEDWATER ISOLATION SYSTEM (TAC NO. MD4839)

Dear Mr. Muench:

By application dated March 14, 2007 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML070800193), Wolf Creek Nuclear Operating Corporation (the licensee) submitted a license amendment request (LAR) in part to modify (1) the safety-related main steam and feedwater isolation system (MSFIS), which is an engineered safety feature actuation system, and (2) the associated Technical Specifications (TSs) for the MSFIS, for the Wolf Creek Generating Station (WCGS). This application has been supplemented by the licensee's letters dated April 18, May 9, and June 15, 2007 (ADAMS Accession Nos. ML071160332, ML071350247, and ML071770446, respectively), and two meetings have been held with the licensee on May 17 and August 2, 2007.

The above LAR application would allow the replacement of the existing MSFIS controls with field programmable gate array (FPGA) technology at WCGS, and would be the first application for this technology in a safety-related system at a nuclear power plant where NRC has to approve the use of the technology. The application, however, included only a brief description of the use of the FPGA technology in the proposed replacement MSFIS, and by letter dated April 18, 2007, the licensee submitted additional documentation. However, the additional documentation was also found to be insufficient. In the meeting held on May 17, 2007, the NRC staff provided the licensee a list of documentation required for the staff to determine if the specification, design, development, test, production, verification and validation (V&V), and commercial grade dedication processes for the replacement MSFIS were of sufficient high quality to allow the NRC staff to initiate its review. The NRC staff followed up the meeting of May 17, 2007, with its letter dated May 29, 2007, which enumerated the additional information the licensee agreed to submit within a month of the meeting. In the meeting and the letter, the NRC staff acknowledged that some of the information it required would not be completed by the licensee until near the end of the staff review of the LAR and requested that the licensee also provide the schedule for submitting that information. On June 15, 2007, the licensee submitted additional documentation and its schedule for submitting documentation not yet completed in response to the NRC staff's required documentation as identified in the meeting summary issued June 4, 2007, for the May 17th meeting (ADAMS Accession No. ML071380510).

The NRC staff has performed an acceptance review of the LAR in accordance with revision 3 of NRC Office of Nuclear Reactor Regulation Instruction, LIC 101, "License Amendment Review Procedures" (ADAMS Accession No. ML040060258), Appendix B, "Guide for Processing License Amendments," Section 2.2, and has determined that the licensee has provided sufficient information to initiate the review. However, our acceptance of this LAR for review is conditional upon the following, which was discussed in the meeting held on August 2, 2007:

1. The standard which the licensee chose to use to develop this system, RTCA DO-254/EUROCAE ED-80, "Design Assurance Guidance for Airborne Electronic Hardware," has not been reviewed or approved for nuclear safety-related use at nuclear power plants by the NRC staff. At this point, the licensee should provide a detailed mapping of this standard to an NRC-approved standard such as the Institute of Electrical and Electronics Engineers (IEEE) Standard 7-4.3.2, and show on a paragraph-by-paragraph basis what portion of standard RTCA DO-254/EUROCAE ED-80 has similar requirements, and why meeting that portion of RTCA DO-254/EUROCAE ED-80 will satisfy the corresponding section of the approved IEEE standard. There may be sections of the approved standard which are not applicable to an FPGA design, and these should be pointed out and justified. The NRC staff should receive the results of this task by September 20, 2007, as the licensee agreed to in the August 2, 2007, meeting. If this date is not met or the quality of the information is not sufficient, our acceptance of the review of the proposed replacement MSFIS will be retracted.
2. The licensee appears not to understand what the NRC staff requires in its review of the proposed application of FPGAs in a safety-related system. In its application, in "Nutherm Dedication Plan for Replacement MSFIS System," Nutherm document number WCN-9715DP, the statement is made that "the MSFIS system is not a digital system in the strictest definition as it is not software based,...." "Advanced Logic System (ALS) Level-1 System Specification," CS Innovation document 6000-00000, states "The ALS does not utilize a microprocessor and therefore has no software component for the operation of the system. The concern for software common mode failures is eliminated by incorporating a full hardware system which only uses proven design practices and methodologies for implementation of the hardware."

The NRC staff has reviewed the licensee's discussion in its May 9, 2007, letter, which presents the licensee's position stated above that the replacement MSFIS with FPGAs is not a digital software-based system. As stated in IEEE Standard 100-2000, "The Authoritative Dictionary of IEEE Standards Terms," the term "digital" is defined as "pertaining to quantities in the form of discrete, integral values," and a "digital device" is defined as "A device that operates on the basis of discrete numerical techniques in which the variables are represented by coded pulses or states." Because the proposed FPGA system uses digital values, the NRC staff concludes that it is, therefore, a digital system.

Furthermore, the replacement MSFIS is a software-based system. One of the definitions of "software" in the same IEEE standard is "The programs, procedures, rules, and any associated documentation pertaining to the operation of an information processing system." The nature of an FPGA is also that the device is programmed to perform its intended functions, and that programming is done using a variety of software tools. While it is true that the output of these tools is used to flash the FPGA into its intended configuration rather than being used as a program to tell a microprocessor what to do, in either case the device is subject to programming and uses software tools to achieve its design objectives. Based on this, the NRC staff concludes that the proposed FPGA system is a software-based system and must be reviewed on that basis.

Based on the definitions in the IEEE standards and the NRC staff's understanding of FPGA devices discussed above, the NRC staff concludes that the FPGA system proposed by the licensee is a software-based digital system, which must rely on high-quality software to meet its design objectives. Acknowledgment by the licensee that the proposed FPGA system is a software-based digital system, which must meet the requirements discussed during meetings with the NRC, should be received by September 4, 2007, as agreed to in the August 2, 2007, meeting. If this date is not met or the quality of the information is not sufficient, our acceptance of the review of the proposed replacement MSFIS will be retracted.

In addition to the above, there are three items enumerated below that present significant challenges to the NRC staff in the review and acceptance of this LAR. These were discussed in the August 2, 2007, meeting.

3. Nutherm International, the commercial grade dedication contractor, chose to use Electric Power Research Institute (EPRI) topical report NP-5652, "Guideline for the Utilization of Commercial Grade Items in Nuclear Safety Related Applications," as its guideline for commercial grade dedication for the FPGA system, rather than EPRI TR-106439, "Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Applications," or EPRI TR-107330, "Generic Requirements Specification for Qualifying a Commercially Available PLC for Safety-Related Applications in Nuclear Power Plants." As a result, the dedication was by test and inspection only, and no evaluation of the quality of the design effort was made. The commercial dedication process will need to be redone, with an emphasis on high-quality design and lifecycle process, in addition to the V&V and testing already done. The following documentation needs to be revised:
a. MSFIS Controls Replacement Project Plan, Revision 1
b. Nutherm International Dedication Plan WCN-9715DP, Revision 1
c. Nutherm International Quality Assurance Plan (WCN-9175QAP), Revision 0
d. Nutherm International dedication procedures and reports.
4. The licensee's diversity and defense-in-depth analysis submitted in the June 15, 2007, letter is insufficient. This is the document entitled "Diversity and Defense-in-Depth Assessment for the Replacement MSFIS Controls." The conclusion of this document is that no diversity or defense-in-depth is needed since "employment of the [RTCA] DO-254 design guidelines by CS Innovations has resulted in a high quality design," and "the replacement MSFIS system performs at an equivalent level and in several cases provides improved performance resulting in the replacement MSFIS providing increased reliability over the existing MSFIS controls." A new diversity and defense-in-depth analysis will be required, where for each anticipated operational occurrence or postulated accident in the design basis occurring in conjunction with each single postulated common-cause failure, the plant response calculated using best-estimate (realistic assumptions) analyses should not result in unacceptable consequences. The licensee will need to demonstrate that sufficient diversity exists to achieve these goals, or to identify the vulnerabilities discovered and show that the corrective actions were taken, including adding a diverse system if necessary.

5. The licensee's LAR does not appear to conform with the requirement that software tools be qualified. Approved Standard IEEE 7-4.3.2 defines software tools in Section 3.1.42:

"A computer program used in the development, testing, analysis, or maintenance of a program or its documentation. Examples include comparator, cross-reference generator, decompiler, driver, editor, flowcharter, monitor, test case generator, and timing analyzer."

Section 5.3.2, "Software tools," requires that "Software tools used to support software development processes and verification and validation (V&V) processes shall be controlled under configuration management," and "A test tool validation program shall be developed to provide confidence that the necessary features of the software tool function as required." There are similar requirements in RTCA DO-254/EUROCAE ED-80, "Design Assurance Guidance for Airborne Electronic Hardware." Section 11.4, "Tool Assessment and Qualification," requires that "Prior to use of a tool, a tool assessment should be performed. The results of this assessment and, if necessary, tool qualification should be recorded and maintained." The licensee will need to demonstrate that the software tools were qualified for the development of safety-related systems.

Therefore, based on the above discussion, the NRC staff accepts the proposed replacement of the MSFIS in this LAR for review. As stated above, this acceptance of review and the schedule to complete the review is conditional on the licensee providing timely and acceptable responses to the first two items listed below. In addition, the remaining information needed by the NRC staff, including the other three items listed below, must be submitted in a timely manner.

1. A detailed mapping of RTCA DO-254/EUROCAE ED-80 to an NRC-approved standard such as IEEE Standard 7-4.3.2 by September 20, 2007.
2. Acknowledgment by the licensee that the proposed replacement MSFIS with FPGA technology is a software-based digital system by September 4, 2007.
3. A new commercial dedication based upon high-quality lifecycle processes.
4. A new diversity and defense-in-depth analysis.
5. Demonstration of the suitability and qualification of all software tools.

The above items numbered 3, 4, and 5, and the information identified by the licensee in its June 15, 2007, supplemental letter that would be submitted later were included in the list of 16 items handed out by the NRC staff at the August 2, 2007, meeting, and discussed with the licensee. This is the list of items still needed by the NRC staff for its review of the proposed replacement MSFIS with FPGA technology. The NRC staff stated in the meeting that the "needed by" dates in the list were the dates that the staff needed the items, including the three items numbered 3, 4, and 5 above, in order for it to complete its review and evaluation of the proposed replacement MSFIS with FPGA technology in the LAR by the fall of 2008. The licensee stated in the meeting that the dates identified by the NRC staff as its "needed by" dates were acceptable and can be met.

In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter will be made available electronically for public inspection in the NRC Public Document Room or from the NRC's document system (ADAMS), accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html.

If you have any questions concerning this letter, contact Jack Donohew, the project manager for Wolf Creek Generating Station, at 301-415-1307, or, through electronic mail, at jnd@nrc.gov.

Sincerely,

/RA/

John W. Lubinski, Deputy Director
Division of Operating Reactor Licensing
Office of Nuclear Reactor Regulation

Docket No. 50-482

cc: See next page

ML071790006

* MThadani for   ** MGalloway

OFFICE  NRR/LPL4/PM  NRR/LPL4/LA  EICB/BC  DE/D       LPL4/BC  DORL/DD
NAME    JDonohew     JBurkhardt   WKemper  PHiland**  THiltz*  JLubinski
DATE    8/8/07       8/6/07       8/7/07   8/8/07     8/7/07   8/7/07

Wolf Creek Generating Station

cc:

Jay Silberg, Esq.
Pillsbury Winthrop Shaw Pittman LLP
2300 N Street, NW
Washington, D.C. 20037

Regional Administrator, Region IV
U.S. Nuclear Regulatory Commission
611 Ryan Plaza Drive, Suite 400
Arlington, TX 76011

Senior Resident Inspector
U.S. Nuclear Regulatory Commission
P.O. Box 311
Burlington, KS 66839

Chief Engineer, Utilities Division
Kansas Corporation Commission
1500 SW Arrowhead Road
Topeka, KS 66604-4027

Office of the Governor
State of Kansas
Topeka, KS 66612

Attorney General
120 S.W. 10th Avenue, 2nd Floor
Topeka, KS 66612-1597

County Clerk
Coffey County Courthouse
110 South 6th Street
Burlington, KS 66839

Chief, Radiation and Asbestos Control Section
Kansas Department of Health and Environment
Bureau of Air and Radiation
1000 SW Jackson, Suite 310
Topeka, KS 66612-1366

Vice President Operations/Plant Manager
Wolf Creek Nuclear Operating Corporation
P.O. Box 411
Burlington, KS 66839

Supervisor Licensing
Wolf Creek Nuclear Operating Corporation
P.O. Box 411
Burlington, KS 66839

U.S. Nuclear Regulatory Commission
Resident Inspectors Office/Callaway Plant
8201 NRC Road
Steedman, MO 65077-1032

February 2006